The EU moved its biggest AI deadlines and banned nudifier apps

The EU AI Act has been the regulation everyone loves to worry about, and this month it changed shape. Under the Digital Omnibus package, the heaviest high risk obligations are being pushed further out. Standalone high risk systems now apply from 2 December 2027, and high risk AI embedded in regulated products moves to 2 August 2028.

That is real breathing room for anyone building serious AI products for the European market. The high risk conformity paperwork is expensive and slow, and a lot of teams were staring down an August 2026 cliff edge that has now been softened.

There is relief for smaller companies too. The simplified compliance framework, previously aimed at small and medium enterprises, now extends to firms with up to 750 employees and 150 million euro in annual revenue. That captures a large slice of the European tech sector that was previously stuck with full obligations.

It is not all loosening. From 2 December 2026, the rules explicitly ban nudifier applications: AI systems that generate or manipulate sexually explicit images of people without consent. After a grim couple of years of deepfake abuse stories, this is a clear line in the sand, and a welcome one.

The catch is timing. The transparency rules of the AI Act still take effect in August 2026. If your product uses AI to generate content or runs a chatbot, you will need to label AI output and disclose that users are talking to a machine this summer, deadline extension or not.

Our take: if you sell into the EU, do not read the headline as a holiday. The expensive high risk work has slipped, but the transparency obligations are close, cheap to get wrong, and easy to get right if you start now.